With the increase in client-server communications, as well as the increase in the value of the data being communicated, there is a corresponding increase in the want and need for secure protocols for those communications. The ubiquity of mobile computing devices (more simply, “mobile devices”) and the functionality and data they access and store has increased this need. While there are existing secure data transport protocols, such as Secure Socket Layer (“SSL”) or Transport Layer Security (“TLS”), they are not suitable for all communications, data and environments. Additionally, they often require additional user authentication.
One-time passwords (“OTPs”) are gaining popularity as a secure method of user authentication, particularly for financial transactions. However, OTPs do not, by themselves, provide confidentiality of data.
One method of communicating securely is set out in Canadian Patent Application Number 2,590,989. The method set out therein is suitable for many scenarios, but the length of the passphrases used to derive the key for encrypt messages is relatively short. As a result, the encryption key can be less strong than desirable.
It is an object of this invention to provide a novel method and system for secure communication.